CVE-2012-2372
The MITRE CVE dictionary describes this issue as:
The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.
Find out more about CVE-2012-2372 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux MRG. Future kernel updates for Red Hat Enterprise Linux 5 and 6 may address this issue.
CVSS v2 metrics
| Base Score | 4.9 |
|---|---|
| Base Metrics | AV:L/AC:L/Au:N/C:N/I:N/A:C |
| Access Vector | Local |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 5 (kernel) | RHSA-2012:1540 | 2012-12-04 |
| Red Hat Enterprise Linux 6 (kernel) | RHSA-2012:0743 | 2012-06-18 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | realtime-kernel | Not affected |
| Red Hat Enterprise Linux 4 | kernel | Will not fix |
Acknowledgements
This issue was discovered by Li Honggang of Red Hat.CVE description copyright © 2017, The MITRE Corporation